-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51705/
-----------------------------------------------------------

Review request for Ambari, Di Li, Jonathan Hurley, and Nate Cole.
Bugs: AMBARI-18334
https://issues.apache.org/jira/browse/AMBARI-18334
Repository: ambari
Description
-------
The configurations.json file loaded in the ambari-agent cache located at
/var/lib/ambari-agent/cache/cluster_configuration contains password details in
plaintext (Ex: ssl.client.keystore.password, ssl.client.truststore.password
etc.). The values are loaded both in the memory cache and file cache; the file
seems to be used only for debugging purposes, so it would be a better approach
to mask the passwords in the file.
Approach:
The password_config_type is included in the heartbeat response for the alert
definition command and execution command, for which the values are dumped into
the json file. The password_config_type contains the information on which
properties in the configurations have the propertyType password. Based on the
response, the json is parsed and the password values are masked before dumping
it into the configurations.json file.
Diffs
-----
ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py 72b87be
ambari-agent/src/test/python/ambari_agent/TestAlerts.py e114daa
ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py a418f6d
ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ExecutionCommandWrapper.java 0562c15
ambari-server/src/main/java/org/apache/ambari/server/agent/AlertDefinitionCommand.java 4d2e048
ambari-server/src/main/java/org/apache/ambari/server/agent/ExecutionCommand.java 29737ee
ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 70c24f9
Diff: https://reviews.apache.org/r/51705/diff/
Testing
-------
Updated the test cases.
Ran mvn test.
Manually tested by setting up a cluster; the password fields in the
configurations.json are masked.
Thanks,
Anita Jebaraj
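
Added example, not code from this review request or from Ambari: a sketch of the masking step described under Approach, which masks a copy for the debug file so the in-memory cache keeps the real values. It assumes password_config_type maps each config type to a list of password property names and that the mask string is "********"; neither the shape nor the mask is stated in the request, and the function names are hypothetical.

```python
import copy
import json

MASK = "********"  # assumed mask string; the request does not say which one is used


def mask_passwords(configurations, password_config_type):
    """Return a masked deep copy of `configurations`; the input is left untouched.

    Assumed shapes (not taken from the Ambari source):
      configurations       = {config_type: {property_name: value}}
      password_config_type = {config_type: [property_name, ...]}
    """
    masked = copy.deepcopy(configurations)
    for config_type, property_names in (password_config_type or {}).items():
        properties = masked.get(config_type)
        if not isinstance(properties, dict):
            continue  # server listed a config type that this host does not carry
        for name in property_names:
            if name in properties:
                properties[name] = MASK
    return masked


def dump_masked(configurations, password_config_type, path):
    """Write only the masked copy to `path` (the debug file)."""
    with open(path, "w") as handle:
        json.dump(mask_passwords(configurations, password_config_type), handle, indent=2)


# Constructed sample data, not real cluster output.
SAMPLE_CONFIGURATIONS = {
    "ssl-client": {
        "ssl.client.keystore.password": "keystore-secret",
        "ssl.client.truststore.password": "truststore-secret",
        "ssl.client.keystore.location": "/constructed/path/keystore.jks",
    },
    "core-site": {"fs.defaultFS": "hdfs://example:8020"},
}
SAMPLE_PASSWORD_CONFIG_TYPE = {
    "ssl-client": ["ssl.client.keystore.password", "ssl.client.truststore.password"],
    "hive-site": ["javax.jdo.option.ConnectionPassword"],  # absent on this host
}
```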